How it Works

It is high time that you secure ALL of your customers!

With its ground breaking innovative technology, the Keypascos solution offers you a way to secure ALL of your customers without them even knowing it!

In addition, the Keypasco solution provides you with a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security for you and your customers. Several other features also add to the security – let us tell you how it works!

How it works

Our strong authentication solution consists of the Keypasco server, one or several clients, and a two-channel structure

The DeviceID properties on the end-users devices are scanned and stored at the Keypasco server

The first channel sends information between the end-user’s device (client or browser) and the online service provider

The second channel sends information between the end-user’s device, the client(s) and the authentication server

To verify the authentication and add the multi-factor levels of security the online service provider checks with the Keypasco server to verify the device authentication, geographical locations, proximity and the risk management analysis

Any external personal devices can form a part of the Digital Identity

Risk-engine: Analysis of different device properties: device, location, proximity, time gap, behaviour or combinations of them

Black-list of fraudulent devices

Our patented features

Device Fingerprint and two-channel authentication: Bring the users own device as unique authentication device through a two-channel structure. Security by Your own device.

Proximity: User’s own devices/wearables in close position to each other as unique identity to enhance security.

Keypasco PKI Sign: Keypasco has invented a unique solution for PKI in a mobile device without need for a Secure Element. By using Keypasco PKI Sign no complete private key is stored at any place, but it is still PKI compliant, making the solution extremely safe.

Dynamic URL: This allows for single sign-on with one single trusted security app linking multiple Internet content providers on one side and multiple ID providers on the other.

Keypasco mitigates threats

Phishing – by linking the users DeviceID with its geographical location, your username and password only works on your devices in the right locations.

Man in the Middle (MitM) and Man in the Browser (MitB) attacks – by Keypasco’s two-channel structure and Out of band secure notifications.

Malicious Virus Control (Viruses, Trojans, etc.) – with an Out of Band secure notifications we can stop them from taking control or replicate an end user’s device.

Theft/Robbery of a device can compromise a user’s security. With the Keypasco proximity feature, a user’s account is safe even if a device is stolen.

Desktop client

The client is installed on the end-users desktop computer for identification of the device and location. The desktop client also provides the functionality of secure verifications and signatures. The desktop client can be used to secure web solutions as well as desktop applications.

Smartphone & tablet client

Our SDK is integrated in the ICP’s app to identify the device and its location, and can confirm secure verifications and signatures through the Out-of-Band verification channel. One of the signature options is the Keypasco PKI Sign, which has no need of a secure element.

Browser client

With the Browser client, the Keypasco solution can verify the device and location. The unique risk engine is working in the background.

The Keypasco server

Keypasco authenticates the end-user by identifying and associating their device(s) and location(s) to an anonymous user-ID within the Keypasco server. No personal data is ever stored in either the client or on the server! The server is located in the Cloud and self-scalable to handle any volume.

Whatever combination, you get a solution with an intuitive user experience that mitigates all present online threats and is easy to integrate and easy for mass roll-out for a fraction of the cost of traditional solutions.

Mobile & Desktop

When you want to provide your customers with secure authentication without having to provide the end users with hardware tokens. It is also suitable if you have, or plan to have, a company App.

PKI Sign available

Mobile & Browser

When you want secure authentication. Want to secure the browser and have, or plan to have, a company App.

PKI Sign available

No installed client on the Desktop

Mobile Stand-alone

When you want to offer your end users secure authentication and have, or plan to have, a company App.

PKI Sign available

The Keypasco solution can be completely hidden as a library in your own App

Desktop Stand-alone

When you want to offer multi-factor secure authentication without having to provide the end users with hardware tokens.

Utilize your end users device as a secure token instead of spending money on a hardware token and distribution

Browser Stand-alone

When you want to offer secure authentication without having to ask your end users to install a client.

Utilize your end users device as a secure token instead of spending money on a hardware token and distribution

The micro proximity feature adds an additional level of security by appointing a dedicated micro proximity device. If this micro proximity device is not in immediate proximity to the Vakten for Desktop client the user can’t login or sign any transactions.

For an example: if device 1 is used to login to an account then device 2 (which is the micro proximity device) has to be within centimetres of device 1 to be logged in.

Our risk management analysis feature provides a risk score for each attempt done by the end user. The risk score and it´s value is determent by indicators such as correct device, proximity of additional secure devices, Out Of Band verifications, geographical locations/geofencing, previous fraud and fraud trends etc.

This analysis is improved continuously and is an active part of the service to quickly mitigate new threats.

The Keypasco PKI Sign feature is a dynamic feature that offers ICPs full support of PKI in a portable mobile device. The feature is based upon the core concepts:

a end users credentials, only known by the correct user,

a transaction can only be approved from the correct device,

a transaction can only be approved from an approved location.

We can guarantee by utilizing the PKI Sign that the signature is done by the correct user. Keypasco has invented (and patented) a new innovative way of using a users mobile device as a secure soft carrier of private keys.

An end users private key is divided into three parts: a client part, a server part, and a secret (PIN). The private keys can only be put together and sign a transaction if the end user has all three parts. The correct user is the only one who knows the secret to achieve the client part, and the server part is only achieved when the correct device and location has identified itself.

The feature does not require a Trusted Platform or a Secure Element, and Keypasco can provide the generating of keys, and verify the signatures if no established PKI CA is provided by the Internet Content Provider through an optional plugin.

Keypasco offers Internet Content Providers a way to provide user a option to sign transactions via the Desktop Client. The Vakten for Desktop client presents a window with the transaction details and asks the user to approve or deny.

This signature option is presented on the same Desktop device that initiated the attempt, but all the information is secured by the 2-channel structure.

The Keypasco product Browser Vakten is an easy and quickly deployable product tailored as an entry level product on it’s own, but comes to it’s full strength in combination with the Keypasco client Smartphone Vakten.

It doesn’t require any installation procedure on client devices; it is instead an integrated part of the web layer of the Internet Content Provider’s web site by an embedded JavaScript.

The Vakten client is installed in the end users browser to identity the device and location. This Vakten has one functionality:

Phishing: Keypasco mitigates phishing by linking the user with a geographical location and the device authentication. A user’s username and password will not work from a wrong device or location.

Man in the Middle & Man in the Browser: Man in the Middle (MitM) and Man in the Browser (MitB) attacks are mitigated by Keypasco’s 2-channel structure and the Out of band secure notifications.

Malicious Virus Control (Viruses, Trojans, etc): Viruses, Trojans, and other infections can control or replicate an end user’s device. Keypasco mitigates these threats by offering Out of Band authentication, which enables a user to regain control of devices and accounts.

Theft/Robbery: In addition to virtual threats, physical theft of a device can compromise a user’s security. With Keypasco’s proximity feature, a user’s account is safe even if a device is stolen.